Forum Discussion
Phil123
Mar 23, 2022, Brass Contributor
Network Security Group - Flow Logs to Microsoft Sentinel
Hello everyone, is there a way to have the NSG Flow logs logged in Microsoft Sentinel? The tables "NetworkSecurityGroupEvent and NetworkSecurityGroupRuleCounter" are not sufficient for a cust...
Phil123
Mar 23, 2022, Brass Contributor
I just had contact with the customer again.
It is about, for example, seeing the source and destination IP. Likewise the port with which something is tried, for example.
In the NSG standard logs, only the rules are logged and thus communicated whether they took effect or not.
Clive_Watson
Mar 23, 2022, Bronze Contributor
Have you enabled https://docs.microsoft.com/en-gb/azure/network-watcher/traffic-analytics ?
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-schema - source and destination are in the schema for AzureNetworkAnalytics_CL
Phil123
Mar 24, 2022, Brass Contributor
Thanks for this answer.
I forgot to reply last night.
I had carried out exactly your points, which had provided the customer with sufficient data.
Thanks.
Greetings,
Phil
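
Added example, not part of the thread: with Traffic Analytics enabled as the answer above suggests, a query along these lines against AzureNetworkAnalytics_CL shows source IP, destination IP and destination port for denied flows. The column names come from the Traffic Analytics schema linked in the answer; the 24-hour window, the deny filter and the output column names `Records`, `FirstSeen` and `LastSeen` are choices made for this example.

```kusto
// Added example: who tried to reach what, on which port, and which NSG rule denied it.
AzureNetworkAnalytics_CL
| where TimeGenerated > ago(24h)
| where SubType_s == "FlowLog"            // flow records only, not topology records
| where FlowStatus_s == "D"               // D = denied, A = allowed
// SrcIP_s / DestIP_s are blank for flows involving public IPs;
// those addresses are reported in PublicIPs_s instead.
| extend Source      = iff(isempty(SrcIP_s),  PublicIPs_s, SrcIP_s),
         Destination = iff(isempty(DestIP_s), PublicIPs_s, DestIP_s)
| summarize Records   = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated)
        by Source, Destination, DestPort_d, L4Protocol_s, FlowDirection_s, NSGRule_s
| order by Records desc
```

Traffic Analytics aggregates flows before writing them, so `Records` counts log rows rather than individual connections.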